sync with openeuler on 03.11

Signed-off-by: Grooooot <isula@huawei.com>

Dockerfile

@@ -22,7 +22,7 @@
 
 
 FROM	centos:7.6.1810
-MAINTAINER LiFeng <lifeng68huawei.com>
+MAINTAINER LiFeng <lifeng68@huawei.com>
 
 # Install dependency package
 RUN yum clean all && yum swap -y fakesystemd systemd && \

README.md

@@ -59,6 +59,9 @@ $ sudo isula rm test
 ### Build from source
 Build requirements for developers are listed in [build_guide](./docs/build_guide.md)
 
+### Integration
+Integrate with `kubenetes` are listed in [integration.md](./docs/integration.md)
+
 ## How to Contribute
 
 We always welcome new contributors. And we are happy to provide guidance for the new contributors.

docs/integration.md

@@ -0,0 +1,131 @@
+# Integrate kubenetes
+
+## Configuration
+
+1. Configure `isulad`
+
+   Configure the `pod-sandbox-image`  in `/etc/isulad/daemon.json`:
+
+   ```json
+   "pod-sandbox-image": "my-pause:1.0.0"
+   ```
+
+   Configure the `endpoint`of `isulad`:
+
+   ```json
+   "hosts" : [
+           "unix:///var/run/isulad.sock"
+       ]
+   ```
+
+   if `hosts` is not configured, the default endpoint is `unix:///var/run/isulad.sock`.
+
+2. Restart `isulad`:
+
+   ```bash
+   $ sudo systemctl restart isulad
+   ```
+
+3. Start `kubelet` based on the configuration or default value:
+
+   ```bash
+   $ /usr/bin/bubelet 
+   --container-runtime-endpoint=unix:///var/run/isulad.sock
+   --image-service-endpoint=unix:///var/run/isulad.sock 
+   --pod-infra-container-image=my-pause:1.0.0
+   ...
+   ```
+
+## Use  RuntimeClass
+
+RuntimeClass is used for selecting the container runtime configuration to use to run a pod’s containers, see [runtime-class](https://kubernetes.io/docs/concepts/containers/runtime-class/). Currently, only `kata-containers` and `runc`  this two `oci runtime` are supported.
+
+1. Configure `isulad` in `/etc/isulad/daemon.json`:
+
+   ```json
+   "runtimes": {
+           "runc":{
+               "path": "/usr/bin/runc",
+               "runtime-args": []
+           },
+           "kata-runtime": {
+               "path": "/usr/bin/kata-runtime",
+               "runtime-args": [
+                   "--kata-config",
+                   "/usr/share/defaults/kata-containers/configuration.toml"
+               ]
+           }
+       }
+   ```
+
+2. Extra configuration
+
+   `iSulad` supports the `overlay2` and `devicemapper` as storage drivers. The default value is `overlay2`.
+
+   In some scenarios, using block device type as storage drivers is a better choice, such as run a `kata-containers`. The procedure for configuring the `devicemapper` is as follows:
+
+   Create ThinPool:
+
+   ```bash
+   $ sudo pvcreate /dev/sdb1 # /dev/sdb1 for example
+   $ sudo vgcreate isulad /dev/sdb
+   $ sudo echo y | lvcreate --wipesignatures y -n thinpool isulad -L 200G
+   $ sudo echo y | lvcreate --wipesignatures y -n thinpoolmeta isulad -L 20G
+   $ sudo lvconvert -y --zero n -c 512K --thinpool isulad/thinpool --poolmetadata isulad/thinpoolmeta
+   $ sudo lvchange --metadataprofile isulad-thinpool isulad/thinpool
+   ```
+
+   Add configuration for `devicemapper` in `/etc/isulad/daemon.json`:
+
+   ```json
+   "storage-driver": "devicemapper"
+   "storage-opts": [
+   		"dm.thinpooldev=/dev/mapper/isulad-thinpool",
+   	    "dm.fs=ext4",
+   	    "dm.min_free_space=10%"
+       ]
+   ```
+
+3. Restart `isulad`:
+
+   ```bash
+   $ sudo systemctl restart isulad
+   ```
+
+4. Define `RuntimeClass CRD` for example:
+
+   ```yaml
+   apiVersion: node.k8s.io/v1beta1
+   kind: RuntimeClass
+   metadata:
+     name: kata-runtime
+   handler: kata-runtime
+   ```
+
+5. Define pod spec `kata-pod.yaml` for example:
+
+   ```yaml
+   apiVersion: v1
+   kind: Pod
+   metadata:
+     name: kata-pod-example
+   spec:
+     runtimeClassName: kata-runtime
+     containers:
+     - name: kata-pod
+       image: busybox:latest
+       command: ["/bin/sh"]
+       args: ["-c", "sleep 1000"]
+     hostNetwork: true
+   ```
+
+6. Run pod:
+
+   ```bash
+   $ kubectl create -f kata-pod.yaml
+   $ kubectl get pod
+   NAME               READY   STATUS    RESTARTS   AGE
+   kata-pod-example   1/1     Running   4          2s
+   ```
+
+   

src/cmd/isulad/arguments.c

@@ -180,7 +180,7 @@ void service_arguments_free(struct service_arguments *args)
     free(args->logpath);
     args->logpath = NULL;
 
-    util_free_array(args->hosts);
+    util_free_array_by_len(args->hosts, args->hosts_len);
     args->hosts = NULL;
     args->hosts_len = 0;
 

src/connect/client/isula_image_connect.c

@@ -97,7 +97,7 @@ void free_isula_prepare_request(struct isula_prepare_request *req)
     req->name = NULL;
     free(req->image);
     req->image = NULL;
-    util_free_array(req->storage_opts);
+    util_free_array_by_len(req->storage_opts, req->storage_opts_len);
     req->storage_opts = NULL;
     req->storage_opts_len = 0;
     free(req);
@@ -210,10 +210,10 @@ void free_image_metadata(struct image_metadata *data)
     }
     free(data->id);
     data->id = NULL;
-    util_free_array(data->repo_tags);
+    util_free_array_by_len(data->repo_tags, data->repo_tags_len);
     data->repo_tags = NULL;
     data->repo_tags_len = 0;
-    util_free_array(data->repo_digests);
+    util_free_array_by_len(data->repo_digests, data->repo_digests_len);
     data->repo_digests = NULL;
     data->repo_digests_len = 0;
     free(data->username);

src/libisula.c

@@ -220,7 +220,7 @@ void isula_ns_change_files_free(isula_host_config_t *hostconfig)
         return;
     }
 
-    util_free_array(hostconfig->ns_change_files);
+    util_free_array_by_len(hostconfig->ns_change_files, hostconfig->ns_change_files_len);
     hostconfig->ns_change_files = NULL;
     hostconfig->ns_change_files_len = 0;
 }
@@ -252,11 +252,11 @@ void isula_host_config_free(isula_host_config_t *hostconfig)
         return;
     }
 
-    util_free_array(hostconfig->cap_add);
+    util_free_array_by_len(hostconfig->cap_add, hostconfig->cap_add_len);
     hostconfig->cap_add = NULL;
     hostconfig->cap_add_len = 0;
 
-    util_free_array(hostconfig->cap_drop);
+    util_free_array_by_len(hostconfig->cap_drop, hostconfig->cap_drop_len);
     hostconfig->cap_drop = NULL;
     hostconfig->cap_drop_len = 0;
 
@@ -266,11 +266,11 @@ void isula_host_config_free(isula_host_config_t *hostconfig)
     free_json_map_string_string(hostconfig->sysctls);
     hostconfig->sysctls = NULL;
 
-    util_free_array(hostconfig->devices);
+    util_free_array_by_len(hostconfig->devices, hostconfig->devices_len);
     hostconfig->devices = NULL;
     hostconfig->devices_len = 0;
 
-    util_free_array(hostconfig->hugetlbs);
+    util_free_array_by_len(hostconfig->hugetlbs, hostconfig->hugetlbs_len);
     hostconfig->hugetlbs = NULL;
     hostconfig->hugetlbs_len = 0;
 
@@ -292,7 +292,7 @@ void isula_host_config_free(isula_host_config_t *hostconfig)
     free(hostconfig->user_remap);
     hostconfig->user_remap = NULL;
 
-    util_free_array(hostconfig->ulimits);
+    util_free_array_by_len(hostconfig->ulimits, hostconfig->ulimits_len);
     hostconfig->ulimits = NULL;
     hostconfig->ulimits_len = 0;
 
@@ -311,11 +311,11 @@ void isula_host_config_free(isula_host_config_t *hostconfig)
     free(hostconfig->cgroup_parent);
     hostconfig->cgroup_parent = NULL;
 
-    util_free_array(hostconfig->binds);
+    util_free_array_by_len(hostconfig->binds, hostconfig->binds_len);
     hostconfig->binds = NULL;
     hostconfig->binds_len = 0;
 
-    util_free_array(hostconfig->blkio_weight_device);
+    util_free_array_by_len(hostconfig->blkio_weight_device, hostconfig->blkio_weight_device_len);
     hostconfig->blkio_weight_device = NULL;
     hostconfig->blkio_weight_device_len = 0;
 
@@ -332,7 +332,7 @@ void isula_container_config_free(isula_container_config_t *config)
         return;
     }
 
-    util_free_array(config->env);
+    util_free_array_by_len(config->env, config->env_len);
     config->env = NULL;
     config->env_len = 0;
 
@@ -342,11 +342,11 @@ void isula_container_config_free(isula_container_config_t *config)
     free(config->user);
     config->user = NULL;
 
-    util_free_array(config->mounts);
+    util_free_array_by_len(config->mounts, config->mounts_len);
     config->mounts = NULL;
     config->mounts_len = 0;
 
-    util_free_array(config->cmd);
+    util_free_array_by_len(config->cmd, config->cmd_len);
     config->cmd = NULL;
     config->cmd_len = 0;
 

src/services/execution/execute/execution.c

@@ -248,7 +248,7 @@ static int send_signal_to_process(pid_t pid, unsigned long long start_time, uint
 
 static int umount_dev_tmpfs_for_system_container(const container_t *cont)
 {
-    if (cont->hostconfig != NULL && cont->hostconfig->system_container) {
+    if (cont->hostconfig != NULL && cont->hostconfig->system_container && cont->hostconfig->external_rootfs != NULL) {
         char rootfs_dev_path[PATH_MAX] = { 0 };
         int nret = snprintf(rootfs_dev_path, sizeof(rootfs_dev_path), "%s/dev", cont->common_config->base_fs);
         if ((size_t)nret >= sizeof(rootfs_dev_path) || nret < 0) {
@@ -514,7 +514,7 @@ static int mount_dev_tmpfs_for_system_container(const container_t *cont)
     if (cont == NULL || cont->hostconfig == NULL || cont->common_config == NULL) {
         return 0;
     }
-    if (!cont->hostconfig->system_container) {
+    if (!cont->hostconfig->system_container || cont->hostconfig->external_rootfs == NULL) {
         return 0;
     }
     int nret = snprintf(rootfs_dev_path, sizeof(rootfs_dev_path), "%s/dev", cont->common_config->base_fs);

src/services/execution/execute/execution_create.c

@@ -285,12 +285,23 @@ static int merge_config_for_syscontainer(const container_create_request *request
                                          const container_config *container_spec, const oci_runtime_spec *oci_spec)
 {
     int ret = 0;
+    char *value = NULL;
 
-    if (!host_spec->system_container || request->rootfs == NULL) {
+    if (!host_spec->system_container) {
         return 0;
     }
+    if (request->rootfs == NULL) {
+        value = oci_spec->root->path;
+    } else {
+        value = request->rootfs;
+    }
 
-    if (append_json_map_string_string(oci_spec->annotations, "rootfs.mount", request->rootfs)) {
+    if (append_json_map_string_string(oci_spec->annotations, "rootfs.mount", value)) {
+        ERROR("Realloc annotations failed");
+        ret = -1;
+        goto out;
+    }
+    if (request->rootfs != NULL && append_json_map_string_string(oci_spec->annotations, "external.rootfs", "true")) {
         ERROR("Realloc annotations failed");
         ret = -1;
         goto out;

src/services/execution/execute/execution_information.c

@@ -450,7 +450,8 @@ out:
     return ret;
 }
 
-int parse_output(char **title, char ***process, const char *output, const pid_t *pids, size_t pids_len)
+int parse_output(char **title, char ***process, size_t *process_len, const char *output, const pid_t *pids,
+                 size_t pids_len)
 {
     int ret = 0;
     int pid_num = 0;
@@ -479,6 +480,7 @@ int parse_output(char **title, char ***process, const char *output, const pid_t
     }
 
     ret = parse_output_by_lines(*process, tmp, pid_num, stime, pids, pids_len);
+    *process_len = util_array_len((const char **)(*process));
 
 out:
     util_free_array(tmp);
@@ -755,6 +757,7 @@ static int container_top_cb(container_top_request *request, container_top_respon
     char *stderr_buffer = NULL;
     char *titles = NULL;
     char **processes = NULL;
+    size_t process_len = 0;
     pid_t *pids = NULL;
     size_t pids_len = 0;
     container_t *cont = NULL;
@@ -792,17 +795,17 @@ static int container_top_cb(container_top_request *request, container_top_respon
         goto pack_response;
     }
 
-    if (parse_output(&titles, &processes, stdout_buffer, pids, pids_len)) {
+    if (parse_output(&titles, &processes, &process_len, stdout_buffer, pids, pids_len)) {
         ERROR("Failed to parse output!");
         cc = ISULAD_ERR_EXEC;
         goto pack_response;
     }
-    if (util_array_len((const char **)processes) > SIZE_MAX / sizeof(char *)) {
+    if (process_len > SIZE_MAX / sizeof(char *)) {
         ERROR("invalid processe size");
         cc = ISULAD_ERR_EXEC;
         goto pack_response;
     }
-    (*response)->processes = util_common_calloc_s(util_array_len((const char **)processes) * sizeof(char *));
+    (*response)->processes = util_common_calloc_s(process_len * sizeof(char *));
     if ((*response)->processes == NULL) {
         ERROR("Out of memory");
         cc = ISULAD_ERR_EXEC;
@@ -811,10 +814,10 @@ static int container_top_cb(container_top_request *request, container_top_respon
 
     (*response)->titles = titles;
     titles = NULL;
-    for (i = 0; i < util_array_len((const char **)processes); i++) {
+    for (i = 0; i < process_len; i++) {
         (*response)->processes[i] = util_strdup_s(processes[i]);
     }
-    (*response)->processes_len = util_array_len((const char **)processes);
+    (*response)->processes_len = process_len;
     (void)isulad_monitor_send_container_event(id, TOP, -1, 0, NULL, NULL);
 
 pack_response:
@@ -830,7 +833,7 @@ pack_response:
     stderr_buffer = NULL;
     free(pid_args);
     free(titles);
-    util_free_array(processes);
+    util_free_array_by_len(processes, process_len);
     free_log_prefix();
     DAEMON_CLEAR_ERRMSG();
     return (cc == ISULAD_SUCCESS) ? 0 : -1;

src/services/execution/spec/specs_mount.c

@@ -1874,7 +1874,7 @@ static bool mount_file(oci_runtime_spec *container, const char *src_path, const
 out_free:
 
     if (!ret) {
-        util_free_array(options);
+        util_free_array_by_len(options, options_len);
         free_defs_mount(tmp_mounts);
     }
     return ret;
@@ -1924,7 +1924,7 @@ static bool add_host_channel_mount(oci_runtime_spec *container, const host_confi
 out_free:
 
     if (!ret) {
-        util_free_array(options);
+        util_free_array_by_len(options, options_len);
         free_defs_mount(tmp_mounts);
     }
     return ret;
@@ -2261,7 +2261,7 @@ static bool add_shm_mount(oci_runtime_spec *container, const char *shm_path)
 out_free:
 
     if (!ret) {
-        util_free_array(options);
+        util_free_array_by_len(options, options_len);
         free_defs_mount(tmp_mounts);
     }
     return ret;